GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-06-06 21:51:00 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-22ZEST0 rev.01.01A01 298,09GB Running: xth9uqt3.exe; Driver: C:\Users\OLA\AppData\Local\Temp\pftiqpob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031be000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031be02f 23 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077551360 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077551560 8 bytes JMP 000000016fff0110 .text C:\Windows\system32\csrss.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0148 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\services.exe[592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 00000000772e6ef0 8 bytes JMP 000000016fff06f8 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000772e8184 7 bytes JMP 000000016fff0880 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SetParent 00000000772e8530 8 bytes JMP 000000016fff0730 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!PostMessageA 00000000772ea404 5 bytes JMP 000000016fff0308 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!EnableWindow 00000000772eaaa0 9 bytes JMP 000000016fff08f0 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!MoveWindow 00000000772eaad0 8 bytes JMP 000000016fff0768 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!GetAsyncKeyState 00000000772ec720 5 bytes JMP 000000016fff06c0 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!RegisterHotKey 00000000772ecd50 8 bytes JMP 000000016fff0848 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!PostThreadMessageA 00000000772ed2b0 5 bytes JMP 000000016fff0378 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendMessageA 00000000772ed338 5 bytes JMP 000000016fff03e8 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendNotifyMessageW 00000000772edc40 9 bytes JMP 000000016fff0570 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SystemParametersInfoW 00000000772ef510 7 bytes JMP 000000016fff08b8 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SetWindowsHookExW 00000000772ef874 9 bytes JMP 000000016fff0298 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 00000000772efac0 9 bytes JMP 000000016fff0490 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!PostThreadMessageW 00000000772f0b74 10 bytes JMP 000000016fff03b0 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SetWinEventHook 00000000772f4d4c 5 bytes JMP 000000016fff02d0 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!GetKeyState 00000000772f5010 5 bytes JMP 000000016fff0688 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000772f5438 7 bytes JMP 000000016fff0500 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendMessageW 00000000772f6b50 5 bytes JMP 000000016fff0420 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!PostMessageW 00000000772f76e4 7 bytes JMP 000000016fff0340 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 00000000772fdd90 5 bytes JMP 000000016fff05e0 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!GetClipboardData 00000000772fe874 5 bytes JMP 000000016fff0810 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SetClipboardViewer 00000000772ff780 8 bytes JMP 000000016fff07a0 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000773028e4 12 bytes JMP 000000016fff0538 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!mouse_event 0000000077303894 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000077308a10 8 bytes JMP 000000016fff0650 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077308be0 12 bytes JMP 000000016fff0458 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077308c20 12 bytes JMP 000000016fff0260 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendInput 0000000077308cd0 8 bytes JMP 000000016fff0618 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!BlockInput 000000007730ad60 8 bytes JMP 000000016fff07d8 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000773314e0 5 bytes JMP 000000016fff0928 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!keybd_event 00000000773545a4 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007735cc08 5 bytes JMP 000000016fff05a8 .text C:\Windows\system32\services.exe[592] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007735df18 7 bytes JMP 000000016fff04c8 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\lsass.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\lsass.exe[608] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\lsass.exe[608] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\lsass.exe[608] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\lsass.exe[608] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\lsass.exe[608] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefe1fa6f0 1 byte JMP 000007fffd1d0180 .text C:\Windows\system32\lsass.exe[608] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefe1fa6f2 5 bytes {JMP 0xfffffffffefd5a90} .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[780] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[780] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\svchost.exe[780] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\svchost.exe[780] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\svchost.exe[780] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe[848] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefe1fa6f0 1 byte JMP 000007fffd1d0180 .text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefe1fa6f2 5 bytes {JMP 0xfffffffffefd5a90} .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\system32\svchost.exe[260] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\System32\svchost.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\System32\svchost.exe[548] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\System32\svchost.exe[1040] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefe1fa6f0 1 byte JMP 000007fffd1d0180 .text C:\Windows\System32\svchost.exe[1040] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefe1fa6f2 5 bytes {JMP 0xfffffffffefd5a90} .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefde54750 5 bytes JMP 000007fffd1d01b8 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0298 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d0228 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0260 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0378 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0340 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefe1fa6f0 1 byte JMP 000007fffd1d0180 .text C:\Windows\system32\svchost.exe[1104] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefe1fa6f2 5 bytes {JMP 0xfffffffffefd5a90} .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\system32\atieclxx.exe[1312] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000110024390 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000011001b640 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000011001c3d0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000011001b100 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000011001ab80 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000011001c0c0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001100180a0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000011001bb80 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000110019330 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001100188e0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff994c5b7c} .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000110017e00 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000110018b80 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000011001be20 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000011001b8e0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000011001b3a0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000011001c5f0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000011001c810 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000011001a0c0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000011001a600 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000011001ae40 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000011001ca80 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001100186e0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000110019e10 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000110019b60 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000110019080 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001100195e0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000110019890 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001100182d0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000110017bf0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000110029670 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000110029880 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000011001a8c0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000011001a360 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001100184e0 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000110018e60 .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b81465 2 bytes [B8, 75] .text C:\ProgramData\IePluginServices\PluginService.exe[1456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b814bb 2 bytes [B8, 75] .text ... * 2 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000110024390 .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b81465 2 bytes [B8, 75] .text C:\ProgramData\WindowsProtectManger\wprotectmanager.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b814bb 2 bytes [B8, 75] .text ... * 2 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\System32\spoolsv.exe[1640] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefde54750 5 bytes JMP 000007fffd1d01b8 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0298 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d0228 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0260 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0378 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0340 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefe1fa6f0 1 byte JMP 000007fffd1d0180 .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefe1fa6f2 5 bytes {JMP 0xfffffffffefd5a90} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe[1828] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff994c5b7c} .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe[1868] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff994c5b7c} .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1908] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000110018e60 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[1952] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[2016] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[1268] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[1712] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2096] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\svchost.exe[2216] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefe1fa6f0 1 byte JMP 000007fffd1d0180 .text C:\Windows\system32\taskhost.exe[2476] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefe1fa6f2 5 bytes {JMP 0xfffffffffefd5a90} .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\system32\Dwm.exe[2532] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\Explorer.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 00000000772e6ef0 8 bytes JMP 000000016fff06f8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SystemParametersInfoA 00000000772e8184 7 bytes JMP 000000016fff0880 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SetParent 00000000772e8530 8 bytes JMP 000000016fff0730 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!PostMessageA 00000000772ea404 5 bytes JMP 000000016fff0308 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!EnableWindow 00000000772eaaa0 9 bytes JMP 000000016fff08f0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!MoveWindow 00000000772eaad0 8 bytes JMP 000000016fff0768 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!GetAsyncKeyState 00000000772ec720 5 bytes JMP 000000016fff06c0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!RegisterHotKey 00000000772ecd50 8 bytes JMP 000000016fff0848 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!PostThreadMessageA 00000000772ed2b0 5 bytes JMP 000000016fff0378 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendMessageA 00000000772ed338 5 bytes JMP 000000016fff03e8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendNotifyMessageW 00000000772edc40 9 bytes JMP 000000016fff0570 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SystemParametersInfoW 00000000772ef510 7 bytes JMP 000000016fff08b8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SetWindowsHookExW 00000000772ef874 9 bytes JMP 000000016fff0298 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 00000000772efac0 9 bytes JMP 000000016fff0490 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!PostThreadMessageW 00000000772f0b74 10 bytes JMP 000000016fff03b0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SetWinEventHook 00000000772f4d4c 5 bytes JMP 000000016fff02d0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!GetKeyState 00000000772f5010 5 bytes JMP 000000016fff0688 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendMessageCallbackW 00000000772f5438 7 bytes JMP 000000016fff0500 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendMessageW 00000000772f6b50 5 bytes JMP 000000016fff0420 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!PostMessageW 00000000772f76e4 7 bytes JMP 000000016fff0340 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 00000000772fdd90 5 bytes JMP 000000016fff05e0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!GetClipboardData 00000000772fe874 5 bytes JMP 000000016fff0810 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SetClipboardViewer 00000000772ff780 8 bytes JMP 000000016fff07a0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendNotifyMessageA 00000000773028e4 12 bytes JMP 000000016fff0538 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!mouse_event 0000000077303894 7 bytes JMP 000000016fff0228 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000077308a10 8 bytes JMP 000000016fff0650 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000077308be0 12 bytes JMP 000000016fff0458 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000077308c20 12 bytes JMP 000000016fff0260 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendInput 0000000077308cd0 8 bytes JMP 000000016fff0618 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!BlockInput 000000007730ad60 8 bytes JMP 000000016fff07d8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!ExitWindowsEx 00000000773314e0 5 bytes JMP 000000016fff0928 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!keybd_event 00000000773545a4 7 bytes JMP 000000016fff01f0 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 000000007735cc08 5 bytes JMP 000000016fff05a8 .text C:\Windows\Explorer.EXE[2616] C:\Windows\system32\USER32.dll!SendMessageCallbackA 000000007735df18 7 bytes JMP 000000016fff04c8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d02d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0308 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d0340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d03b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3992] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0378 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[4000] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4016] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[4028] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\WindowsMobile\wmdc.exe[2324] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\system32\wbem\unsecapp.exe[3564] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\system32\wbem\wmiprvse.exe[3548] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077551430 8 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA 000007fefe1fa6f0 1 byte JMP 000007fffd1d0180 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4156] C:\Windows\system32\ADVAPI32.dll!CreateProcessAsUserA + 2 000007fefe1fa6f2 5 bytes {JMP 0xfffffffffefd5a90} .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff994c5b7c} .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe[4200] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000110024390 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[4212] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\system32\SearchIndexer.exe[4248] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe[4452] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000010028d080 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000010029fac0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000010029dfa0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000010029ec30 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000010029c270 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000010029e640 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000010029ff20 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000010029fce0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000010029e2a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000010029cc90 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000010029b520 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000010029f750 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000010029be90 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000010029c8f0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000010029f540 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000010029f0c0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000010029f300 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000010029c520 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000010029eec0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000100297df0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000010028d1a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff88b6bf19} .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000100294f30 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000100295ac0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000100293a60 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000010028d1d0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000100298bc0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001002993e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000100299cc0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000100298c00 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000100299130 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000100298990 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000100299bc0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000100298ea0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000010028b640 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000010028c3d0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000010028b100 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000010028ab80 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000010028c0c0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001002880a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000010028bb80 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000100289330 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001002888e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff89735b7c} .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000100287e00 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000100288b80 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000010028be20 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000010028b8e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000010028b3a0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000010028c5f0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000010028c810 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000010028a0c0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000010028a600 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000010028ae40 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000010028ca80 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001002886e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000100289e10 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000100289b60 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000100289080 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001002895e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000100289890 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001002882d0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000100287bf0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000100299670 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000100299880 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000010028a8c0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000010028a360 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001002884e0 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000100288e60 .text C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4540] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000100294390 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000010488d080 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000010489fac0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000010489dfa0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000010489ec30 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000010489c270 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000010489e640 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000010489ff20 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000010489fce0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000010489e2a0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000010489cc90 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000010489b520 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000010489f750 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000010489be90 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000010489c8f0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000010489f540 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000010489f0c0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000010489f300 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000010489c520 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000010489eec0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000104897df0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000010488d1a0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff8d16bf19} .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000104894f30 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000104895ac0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000104893a60 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000010488d1d0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000010488b640 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000010488c3d0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000010488b100 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000010488ab80 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000010488c0c0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001048880a0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000010488bb80 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000104889330 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001048888e0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff8dd35b7c} .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000104887e00 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000104888b80 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000010488be20 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000010488b8e0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000010488b3a0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000010488c5f0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000010488c810 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000010488a0c0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000010488a600 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000010488ae40 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000010488ca80 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001048886e0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000104889e10 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000104889b60 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000104889080 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001048895e0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000104889890 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001048882d0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000104887bf0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000104899670 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000104899880 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000010488a8c0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000010488a360 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001048884e0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000104888e60 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000104898bc0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001048993e0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000104899cc0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000104898c00 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000104899130 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000104898990 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000104899bc0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000104898ea0 .text C:\Program Files (x86)\Gadu-Gadu 10\gg.exe[4672] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000104894390 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Windows\System32\spool\drivers\x64\3\E_IATIJCE.EXE[4720] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!KiUserExceptionDispatcher 00000000776f0124 5 bytes JMP 000000011002a6f0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000776ffac0 5 bytes JMP 000000011002ada0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000776ffb28 5 bytes JMP 000000011002ad00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000776ffb58 5 bytes JMP 000000011002a430 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002ad40 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776ffe14 5 bytes JMP 000000011002ade0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000776fffec 5 bytes JMP 000000011002ae00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077700038 5 bytes JMP 000000011002a3e0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002ad60 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077700814 5 bytes JMP 000000011002ae20 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000777009e4 5 bytes JMP 000000011002adc0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002ad80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!NtUnloadDriver 0000000077701e58 5 bytes JMP 000000011002ad20 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!RtlAllocateHeap 000000007770e046 5 bytes JMP 000000011002a480 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!LdrGetProcedureAddress 00000000777101ea 5 bytes JMP 000000011002ace0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!GetProcAddress 0000000075401222 5 bytes JMP 000000011002acc0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!GetModuleHandleA 0000000075401245 5 bytes JMP 000000011002aa60 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!GetModuleHandleW 0000000075403470 5 bytes JMP 000000011002aa40 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000075403f1c 5 bytes JMP 000000011002ac00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!VirtualProtect 0000000075404327 5 bytes JMP 000000011002a9c0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 00000000754048db 5 bytes JMP 000000011002ac80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 00000000754048f3 5 bytes JMP 000000011002aa00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075404925 5 bytes JMP 000000011002ac60 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007540499f 5 bytes JMP 000000011002aa20 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!CreateFileA 000000007540538e 5 bytes JMP 000000011002ac20 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!DeleteFileA 000000007540540c 5 bytes JMP 000000011002aaa0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!DeleteFileW 000000007540897b 5 bytes JMP 000000011002aa80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000075419aa4 5 bytes JMP 000000011002aac0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!MoveFileW 0000000075419ac8 5 bytes JMP 000000011002ab40 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075419b05 5 bytes JMP 000000011002ab00 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!OpenFile 000000007541a2d7 5 bytes JMP 000000011002ac40 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!CopyFileExW 0000000075423b62 7 bytes JMP 000000011002ab80 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000754258b5 5 bytes JMP 000000011002abe0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000754282d5 5 bytes JMP 000000011002abc0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!MoveFileExA 000000007542ccb1 5 bytes JMP 000000011002ab20 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 000000007542ccd1 5 bytes JMP 000000011002aae0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007547dd21 5 bytes JMP 000000011002ab60 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!CopyFileExA 000000007547f061 5 bytes JMP 000000011002aba0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075482ff1 5 bytes JMP 000000011002a9e0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\kernel32.dll!LoadModule 000000007548364b 5 bytes JMP 000000011002aca0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000756e3cd3 7 bytes JMP 000000011002a8c0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4732] C:\Windows\syswow64\WS2_32.dll!WSASocketA 00000000756ec82a 5 bytes JMP 000000011002a8e0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000010213d080 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000010214fac0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000010214dfa0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000010214ec30 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000010214c270 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000010214e640 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000010214ff20 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000010214fce0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000010214e2a0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000010214cc90 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000010214b520 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000010214f750 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000010214be90 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000010214c8f0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000010214f540 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000010214f0c0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000010214f300 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000010214c520 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000010214eec0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000102147df0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000010213d1a0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff8aa1bf19} .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000102144f30 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000102145ac0 .text C:\Program Files (x86)\Launch Manager\LManager.exe[2200] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000102143a60 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3316] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW 00000000773e98e0 12 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3316] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000077400650 12 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3316] C:\Windows\system32\kernel32.dll!CreateProcessA 000000007747acf0 1 byte JMP 000000016fff0180 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3316] C:\Windows\system32\kernel32.dll!CreateProcessA + 2 000000007747acf2 5 bytes {JMP 0xfffffffff8b75490} .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3316] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefd4d53c0 7 bytes JMP 000007fffd1d0148 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff994c5b7c} .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\Launch Manager\LMworker.exe[2160] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000010203d080 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000010204fac0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000010204dfa0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000010204ec30 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000010204c270 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000010204e640 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000010204ff20 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000010204fce0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000010204e2a0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000010204cc90 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000010204b520 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000010204f750 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000010204be90 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000010204c8f0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000010204f540 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000010204f0c0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000010204f300 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000010204c520 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000010204eec0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000102047df0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000010203d1a0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff8a91bf19} .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000102044f30 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000102045ac0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000102043a60 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000010203b640 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000010203c3d0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendMessageW 0000000076b49679 5 bytes JMP 000000010203b100 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000010203ab80 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000010203c0c0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001020380a0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!PostMessageW 0000000076b512a5 5 bytes JMP 000000010203bb80 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!GetKeyState 0000000076b5291f 5 bytes JMP 0000000102039330 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SetParent 0000000076b52d64 1 byte JMP 00000001020388e0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff8b4e5b7c} .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!EnableWindow 0000000076b52da4 5 bytes JMP 0000000102037e00 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!MoveWindow 0000000076b53698 5 bytes JMP 0000000102038b80 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!PostMessageA 0000000076b53baa 5 bytes JMP 000000010203be20 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000010203b8e0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendMessageA 0000000076b5612e 5 bytes JMP 000000010203b3a0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000010203c5f0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000010203c810 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000010203a0c0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000010203a600 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000010203ae40 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000010203ca80 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001020386e0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000102039e10 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000102039b60 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000102039080 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001020395e0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendInput 0000000076b6ff4a 5 bytes JMP 0000000102039890 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001020382d0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000102037bf0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!mouse_event 0000000076ba027b 5 bytes JMP 0000000102049670 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!keybd_event 0000000076ba02bf 5 bytes JMP 0000000102049880 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000010203a8c0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000010203a360 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001020384e0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\user32.DLL!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000102038e60 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000102048bc0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001020493e0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000102049cc0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000102048c00 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000102049130 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000102048990 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000102049bc0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000102048ea0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[3320] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000102044390 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000010202d080 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000010203fac0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000010203dfa0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000010203ec30 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000010203c270 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000010203e640 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000010203ff20 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000010203fce0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000010203e2a0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000010203cc90 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000010203b520 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000010203f750 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000010203be90 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000010203c8f0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000010203f540 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000010203f0c0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000010203f300 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000010203c520 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000010203eec0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000102037df0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000010202d1a0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff8a90bf19} .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000102034f30 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000102035ac0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000102033a60 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000010202d1d0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000010202b640 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000010202c3d0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendMessageW 0000000076b49679 5 bytes JMP 000000010202b100 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000010202ab80 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000010202c0c0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001020280a0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!PostMessageW 0000000076b512a5 5 bytes JMP 000000010202bb80 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!GetKeyState 0000000076b5291f 5 bytes JMP 0000000102029330 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SetParent 0000000076b52d64 1 byte JMP 00000001020288e0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff8b4d5b7c} .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!EnableWindow 0000000076b52da4 5 bytes JMP 0000000102027e00 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!MoveWindow 0000000076b53698 5 bytes JMP 0000000102028b80 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!PostMessageA 0000000076b53baa 5 bytes JMP 000000010202be20 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000010202b8e0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendMessageA 0000000076b5612e 5 bytes JMP 000000010202b3a0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000010202c5f0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000010202c810 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000010202a0c0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000010202a600 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000010202ae40 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000010202ca80 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001020286e0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000102029e10 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000102029b60 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000102029080 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001020295e0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendInput 0000000076b6ff4a 5 bytes JMP 0000000102029890 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001020282d0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000102027bf0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!mouse_event 0000000076ba027b 5 bytes JMP 0000000102039670 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!keybd_event 0000000076ba02bf 5 bytes JMP 0000000102039880 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000010202a8c0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000010202a360 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001020284e0 .text C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[4832] C:\Windows\syswow64\user32.DLL!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000102028e60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff994c5b7c} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5132] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b81465 2 bytes [B8, 75] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b814bb 2 bytes [B8, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff994c5b7c} .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe[5588] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000110028bc0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001100293e0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000110029cc0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000110028c00 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000110029130 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000110028990 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000110029bc0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000110028ea0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000011001b640 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000011001c3d0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000011001b100 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000011001ab80 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000011001c0c0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001100180a0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000011001bb80 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000110019330 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001100188e0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff994c5b7c} .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000110017e00 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000110018b80 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000011001be20 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000011001b8e0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000011001b3a0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000011001c5f0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000011001c810 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000011001a0c0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000011001a600 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000011001ae40 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000011001ca80 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001100186e0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000110019e10 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000110019b60 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000110019080 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001100195e0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000110019890 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001100182d0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000110017bf0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000110029670 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000110029880 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000011001a8c0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000011001a360 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001100184e0 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000110018e60 .text C:\Program Files (x86)\fst_pl_116\fst_pl_116.exe[5736] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000110024390 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077523b10 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077527ac0 5 bytes JMP 000000016fff0d50 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000775513a0 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077551570 8 bytes JMP 000000016fff0a78 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000775515e0 8 bytes JMP 000000016fff0c00 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077551620 8 bytes JMP 000000016fff0b90 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 00000000775516c0 8 bytes JMP 000000016fff0c38 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077551750 8 bytes JMP 000000016fff0b58 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077551790 8 bytes JMP 000000016fff0998 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775517e0 8 bytes JMP 000000016fff09d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077551800 8 bytes JMP 000000016fff0bc8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 00000000775519f0 8 bytes JMP 000000016fff0d18 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077551b00 8 bytes JMP 000000016fff0960 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000077551bd0 8 bytes JMP 000000016fff0ab0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000077551d20 8 bytes JMP 000000016fff0c70 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077551d30 8 bytes JMP 000000016fff0ce0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775520a0 8 bytes JMP 000000016fff0ae8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000077552130 8 bytes JMP 000000016fff0ca8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775529a0 8 bytes JMP 000000016fff0b20 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077552a20 8 bytes JMP 000000016fff0a08 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077552aa0 8 bytes JMP 000000016fff0a40 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefdd322d0 5 bytes JMP 000007fffd1d0260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\system32\GDI32.dll!BitBlt 000007fefdd324b8 5 bytes JMP 000007fffd1d0298 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefdd35be0 5 bytes JMP 000007fffd1d02d0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefdd38384 9 bytes JMP 000007fffd1d01f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefdd389c4 9 bytes JMP 000007fffd1d01b8 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\system32\GDI32.dll!GetPixel 000007fefdd3933c 5 bytes JMP 000007fffd1d0228 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefdd3b9e8 5 bytes JMP 000007fffd1d0340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2408] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefdd3c8b0 5 bytes JMP 000007fffd1d0308 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[4220] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000776ff9e0 5 bytes JMP 000000011001d080 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776ffcb0 5 bytes JMP 000000011002fac0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 00000000776ffd64 5 bytes JMP 000000011002dfa0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000776ffdc8 5 bytes JMP 000000011002ec30 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000776ffec0 5 bytes JMP 000000011002c270 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000776fffa4 5 bytes JMP 000000011002e640 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077700004 5 bytes JMP 000000011002ff20 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077700084 5 bytes JMP 000000011002fce0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777000b4 5 bytes JMP 000000011002e2a0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 00000000777003b8 5 bytes JMP 000000011002cc90 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077700550 5 bytes JMP 000000011002b520 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000077700694 5 bytes JMP 000000011002f750 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007770088c 5 bytes JMP 000000011002be90 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777008a4 5 bytes JMP 000000011002c8f0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077700df4 5 bytes JMP 000000011002f540 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000077700ed8 5 bytes JMP 000000011002f0c0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077701be4 5 bytes JMP 000000011002f300 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000077701cb4 5 bytes JMP 000000011002c520 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077701d8c 5 bytes JMP 000000011002eec0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007771c4dd 5 bytes JMP 0000000110027df0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077721287 1 byte JMP 000000011001d1a0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll + 2 0000000077721289 5 bytes {JMP 0xffffffff988fbf19} .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007540103d 5 bytes JMP 0000000110024f30 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075401072 5 bytes JMP 0000000110025ac0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 000000007542c9b5 5 bytes JMP 0000000110023a60 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007713f784 5 bytes JMP 000000011001d1d0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000076b48bff 5 bytes JMP 000000011001b640 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 0000000076b490d3 7 bytes JMP 000000011001c3d0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000076b49679 5 bytes JMP 000000011001b100 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 0000000076b497d2 5 bytes JMP 000000011001ab80 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b4ee09 5 bytes JMP 000000011001c0c0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!RegisterHotKey 0000000076b4efc9 5 bytes JMP 00000001100180a0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b512a5 5 bytes JMP 000000011001bb80 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000076b5291f 5 bytes JMP 0000000110019330 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SetParent 0000000076b52d64 1 byte JMP 00000001100188e0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SetParent + 2 0000000076b52d66 3 bytes {JMP 0xffffffff994c5b7c} .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076b52da4 5 bytes JMP 0000000110017e00 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000076b53698 5 bytes JMP 0000000110018b80 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b53baa 5 bytes JMP 000000011001be20 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000076b53c61 5 bytes JMP 000000011001b8e0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendMessageA 0000000076b5612e 5 bytes JMP 000000011001b3a0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000076b56c30 7 bytes JMP 000000011001c5f0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b57603 5 bytes JMP 000000011001c810 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000076b57668 5 bytes JMP 000000011001a0c0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 0000000076b576e0 5 bytes JMP 000000011001a600 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 0000000076b5781f 5 bytes JMP 000000011001ae40 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b5835c 5 bytes JMP 000000011001ca80 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000076b5c4b6 5 bytes JMP 00000001100186e0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 0000000076b6c112 5 bytes JMP 0000000110019e10 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 0000000076b6d0f5 5 bytes JMP 0000000110019b60 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000076b6eb96 5 bytes JMP 0000000110019080 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!GetKeyboardState 0000000076b6ec68 5 bytes JMP 00000001100195e0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendInput 0000000076b6ff4a 5 bytes JMP 0000000110019890 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076b89f1d 5 bytes JMP 00000001100182d0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 0000000076b91497 5 bytes JMP 0000000110017bf0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!mouse_event 0000000076ba027b 5 bytes JMP 0000000110029670 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!keybd_event 0000000076ba02bf 5 bytes JMP 0000000110029880 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 0000000076ba6cfc 5 bytes JMP 000000011001a8c0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 0000000076ba6d5d 5 bytes JMP 000000011001a360 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!BlockInput 0000000076ba7dd7 5 bytes JMP 00000001100184e0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 0000000076ba88eb 5 bytes JMP 0000000110018e60 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000756658b3 5 bytes JMP 0000000110028bc0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000075665ea6 5 bytes JMP 00000001100293e0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075667bcc 5 bytes JMP 0000000110029cc0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007566b895 5 bytes JMP 0000000110028c00 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\GDI32.dll!MaskBlt 000000007566c332 5 bytes JMP 0000000110029130 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\GDI32.dll!GetPixel 000000007566cbfb 5 bytes JMP 0000000110028990 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\GDI32.dll!CreateDCW 000000007566e743 5 bytes JMP 0000000110029bc0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\GDI32.dll!PlgBlt 000000007569480f 5 bytes JMP 0000000110028ea0 .text C:\Users\OLA\Desktop\xth9uqt3.exe[3416] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000075382642 5 bytes JMP 0000000110024390 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [1401c6940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryW] [1401c7680] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetModuleHandleA] [1401c7850] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryA] [1401c7630] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExW] [1401c7750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [1401c7970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!LoadLibraryExA] [1401c76d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!DeleteObject] [1401c5c00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassA] [1401c6a20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [1401c6b70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!GetSysColor] [1401c5b90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!GetSystemMetrics] [1401c6cc0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!GetSysColorBrush] [1401c5c60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!GetScrollInfo] [1401c5f10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SystemParametersInfoW] [1401c6ec0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!DrawEdge] [1401c72a0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!AdjustWindowRectEx] [1401c70a0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SetScrollInfo] [1401c5da0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!SetScrollPos] [1401c5ce0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!CallWindowProcW] [1401c5fc0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!GetSysColor] [1401c5b90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [1401c6b70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\SHELL32.dll[USER32.dll!FillRect] [1401c71f0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryExW] [1401c7750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [1401c7970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryA] [1401c7630] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!LoadLibraryW] [1401c7680] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ole32.dll[GDI32.dll!DeleteObject] [1401c5c00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ole32.dll[USER32.dll!CallWindowProcW] [1401c5fc0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ole32.dll[USER32.dll!SystemParametersInfoW] [1401c6ec0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ole32.dll[USER32.dll!GetSystemMetrics] [1401c6cc0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ole32.dll[USER32.dll!GetSysColor] [1401c5b90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [1401c6b70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryA] [1401c7630] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!LoadLibraryW] [1401c7680] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [1401c7970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryExA] [1401c76d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryW] [1401c7680] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateThread] [1401c6940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!LoadLibraryA] [1401c7630] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!RegisterClassW] [1401c6b70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!SystemParametersInfoW] [1401c6ec0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!GetSysColor] [1401c5b90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!GetSystemMetrics] [1401c6cc0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\OLEAUT32.dll[GDI32.dll!DeleteObject] [1401c5c00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\version.DLL[KERNEL32.dll!LoadLibraryW] [1401c7680] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [1401c7970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\version.DLL[KERNEL32.dll!LoadLibraryExW] [1401c7750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryExW] [1401c7750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryExA] [1401c76d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [1401c7630] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [1401c7970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\IMM32.DLL[USER32.dll!SystemParametersInfoW] [1401c6ec0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\IMM32.DLL[USER32.dll!DrawEdge] [1401c72a0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\IMM32.DLL[USER32.dll!GetSystemMetrics] [1401c6cc0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateThread] [1401c6940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [1401c7970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!LoadLibraryW] [1401c7680] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\IMM32.DLL[GDI32.dll!DeleteObject] [1401c5c00] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!CreateThread] [1401c6940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!GetProcAddress] [1401c7970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryExA] [1401c76d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryExW] [1401c7750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryW] [1401c7680] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\System32\msxml3.dll[KERNEL32.dll!LoadLibraryA] [1401c7630] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\System32\msxml3.dll[USER32.dll!RegisterClassW] [1401c6b70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetModuleHandleA] [1401c7850] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [1401c7970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryA] [1401c7630] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExA] [1401c76d0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryW] [1401c7680] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateThread] [1401c6940] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!LoadLibraryExW] [1401c7750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[USER32.dll!SystemParametersInfoW] [1401c6ec0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[USER32.dll!GetSystemMetrics] [1401c6cc0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3420] @ C:\Windows\system32\urlmon.dll[USER32.dll!RegisterClassA] [1401c6a20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001986002e98 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001986002e98 (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0580F466-B5C3-42D6-9DCD-F5ECE8F2EC77.data 288840 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0580F466-B5C3-42D6-9DCD-F5ECE8F2EC77.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\084B0178-D631-49B1-ACEE-715533BF3AB6.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\084B0178-D631-49B1-ACEE-715533BF3AB6.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\09B79893-48DA-4776-AC23-88C1A1DB386C.data 305704 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\09B79893-48DA-4776-AC23-88C1A1DB386C.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\177282CD-8958-4168-BF9C-4BC88A4669FC.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\177282CD-8958-4168-BF9C-4BC88A4669FC.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1AD30024-9A44-4451-9581-3B09DC938E82.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1AD30024-9A44-4451-9581-3B09DC938E82.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1FF86B97-3D8B-4F1F-A0A3-74FC6F002861.data 288840 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1FF86B97-3D8B-4F1F-A0A3-74FC6F002861.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7C6BBB1A-E487-4233-8999-6B50872B953D.data 285184 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7C6BBB1A-E487-4233-8999-6B50872B953D.data.info 134 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\872B448E-322B-48DD-8C79-4DBD95E4FF10.data 291368 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\872B448E-322B-48DD-8C79-4DBD95E4FF10.data.info 138 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8B696BD6-28B0-47B6-877F-22665A03EB66.data 7168 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8B696BD6-28B0-47B6-877F-22665A03EB66.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\EB6D5B91-BC9A-412C-8868-AE2AD0117FC4.data 291368 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\EB6D5B91-BC9A-412C-8868-AE2AD0117FC4.data.info 138 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F03957A5-8823-45F8-90AA-8BE9333780F1.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F03957A5-8823-45F8-90AA-8BE9333780F1.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F14135AC-7BF4-4C0B-8FE9-6DC1AB9EE9C3.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F14135AC-7BF4-4C0B-8FE9-6DC1AB9EE9C3.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F42DC801-7E21-497A-93AD-4E1ECF6A380A.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F42DC801-7E21-497A-93AD-4E1ECF6A380A.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F519CD6F-9E3B-45F1-8584-CA7BCB1191A9.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F519CD6F-9E3B-45F1-8584-CA7BCB1191A9.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\FD36D3BC-106C-4BBE-B142-C843355D623D.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\FD36D3BC-106C-4BBE-B142-C843355D623D.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\366645B0-5DE0-4A96-86AA-7CE427A3BE1F.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\366645B0-5DE0-4A96-86AA-7CE427A3BE1F.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\3DCF5401-2EB3-45C8-BDF1-216523D846A5.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\3DCF5401-2EB3-45C8-BDF1-216523D846A5.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\432F7D61-0DBB-49A8-B7B0-A5676DEEB337.data 305704 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\432F7D61-0DBB-49A8-B7B0-A5676DEEB337.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4504CC0F-71D5-40BA-A1DC-90D4AAF0F9BC.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4504CC0F-71D5-40BA-A1DC-90D4AAF0F9BC.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8E48B323-A71A-485C-9229-7BA271F9398F.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\9FFE3F9C-A0CD-4252-9FFB-5876E7312316.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\9FFE3F9C-A0CD-4252-9FFB-5876E7312316.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B1810D2B-25E4-4802-8719-877AD9537E62.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B1810D2B-25E4-4802-8719-877AD9537E62.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B5C0B6EE-FBA9-45B7-BFE5-B74EA89A1FE0.data 306216 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B5C0B6EE-FBA9-45B7-BFE5-B74EA89A1FE0.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C0E2EE49-A08F-4EDC-B5FF-BDA4F8DFF58F.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4C0558B2-5355-460D-8756-3AC5F9680E4D.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4E354CAF-3C89-413E-8446-DEC963244155.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4E354CAF-3C89-413E-8446-DEC963244155.data.info 142 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4FED3624-209C-4CF4-B22B-4B71CB04B0B1.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4FED3624-209C-4CF4-B22B-4B71CB04B0B1.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5AC33C9D-2E1B-45F8-B3EC-CD2B44E521FB.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5AC33C9D-2E1B-45F8-B3EC-CD2B44E521FB.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5F20033D-97BC-4554-9B6C-BB51AF312202.data 3094472 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5F20033D-97BC-4554-9B6C-BB51AF312202.data.info 164 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\671E9764-548A-44F9-B2C3-ABB9749AE414.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\671E9764-548A-44F9-B2C3-ABB9749AE414.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\730C6E2D-0FBC-47D0-BEE1-53877C7CA857.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\730C6E2D-0FBC-47D0-BEE1-53877C7CA857.data.info 144 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7A5456FF-A607-4835-8634-345EDD4366A4.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1FFE67E0-0000-45BA-8AC4-96D27F64BA3E.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\255D77C0-8FB9-44AF-B4AE-CDE6249F5F4D.data 307240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\255D77C0-8FB9-44AF-B4AE-CDE6249F5F4D.data.info 142 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2BCE7E67-168F-4C52-9337-CBFCA1E46032.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2BCE7E67-168F-4C52-9337-CBFCA1E46032.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2BCFF6AE-6225-45E7-9747-CC783E87197D.data 288840 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2BCFF6AE-6225-45E7-9747-CC783E87197D.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2CC90288-4D4C-43A4-8E22-DA324B67F82C.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C516CFC9-1F68-4B1C-A650-66672B65F346.data 306216 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C516CFC9-1F68-4B1C-A650-66672B65F346.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D5684172-5594-498C-9C55-8EA8583C70E6.data 373458 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D5684172-5594-498C-9C55-8EA8583C70E6.data.info 146 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E1524CCE-783D-448E-989A-8E636BB03BC7.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E1524CCE-783D-448E-989A-8E636BB03BC7.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E3A32919-AA16-496B-A84D-B40C48366D7C.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E3A32919-AA16-496B-A84D-B40C48366D7C.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1FFE67E0-0000-45BA-8AC4-96D27F64BA3E.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2CC90288-4D4C-43A4-8E22-DA324B67F82C.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4C0558B2-5355-460D-8756-3AC5F9680E4D.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7A5456FF-A607-4835-8634-345EDD4366A4.data.info 136 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8E48B323-A71A-485C-9229-7BA271F9398F.data 289832 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C0E2EE49-A08F-4EDC-B5FF-BDA4F8DFF58F.data.info 140 bytes ---- EOF - GMER 2.1 ----